Site icon New Generation Enterprise Linux

Hardening Directory Traversal with the Sticky Bit

Permissions & Security (Chmod/Chown/ACLs/SELinux/AppArmor)

Hardening Directory Traversal with the Sticky Bit

đź§© The Challenge

In shared directories with world-writable permissions, any user can delete or rename files created by others even if they do not own them. This creates a security risk where unauthorized users can sabotage or remove important data belonging to other system accounts.

đź’ˇ The Fix

Apply the sticky bit to the directory to ensure that only the file owner, the directory owner, or the superuser can delete or rename files within that specific path.

chmod +t /path/to/shared/directory

⚙️ Why It Works

When the sticky bit (represented by the t character) is set on a directory, the Linux kernel restricts file deletion and renaming operations to only those who own the file or the directory itself. This is the standard mechanism used for system directories like /tmp to prevent users from interfering with each other’s temporary files.

🚀 Pro-Tip: You can also set the sticky bit numerically by prefixing your chmod command with a 1, such as chmod 1777 /shared/folder.

Linux Tips & Tricks | © ngelinux.com | 7/10/2026

0 0 votes
Article Rating
Exit mobile version